Patchwork gnu: service: Add git-service.

Submitter non such
Date Aug. 30, 2016, 5:50 p.m.
Message ID <871t16qh83.fsf@we.make.ritual.n0.is>
Permalink /patch/15082/
State New

Comments

non such - Aug. 30, 2016, 5:50 p.m.
I tried to address most of what you've written.

While I was correcting the documentation I decided to add more options,
now it doesn't work anymore, probably because of the ifs I added.

Andy Wingo <wingo@igalia.com> writes:

> On Tue 30 Aug 2016 13:45, ng0 <ng0@we.make.ritual.n0.is> writes:
>
>>>I also think that "path" might
>>> not be the right word, which in GNU manuals is only used for search
>>> paths.  See the "GNU Manuals" section of standards.texi for more.
>>> Anyway I suggest #:base-directory.  Make sure the port is an integer and
>>> not a string.
>>
>> See 'man git daemon'.
>
> I ran this and it did not work -- first showed me a page for git then
> for daemon.  I believe you want "man git-daemon"?
>
>> The switch is called --base-path.  Looking at the openrc conf.d/git or
>> what the config file was called again, they stick to this name too.
>> It would just cause confusion if we go ahead and call it differently.
>> Upstream should be fixed, but I'm not going there.  If you think we
>> should break expectations, I can rename it.
>
> "Fixing" upstream is out of our remit :)  All I can ask is that we do
> not introduce new uses of the word "path".
>
>>>> +Return a service to run the @uref{https://git-scm.com, git} daemon version control
>>>> +daemon.
>>>
>>> Extra "daemon" here.  Probably needs a sentence on what running the
>>> daemon will do (namely, expose local repositories for remote access).
>>>
>>> What about authentication?  Is this purely anonymous?
>>
>> Exactly, authentication is handled via other daemons, for example ssh or
>> gitolite. git daemon supports no authentication and is read-only, as far
>> as I know. At the servers I use and setup, I pull via
>> git://,http://,https:// and push via ssh.
>> Its selfdescription is:
>> git-daemon - A really simple server for Git repositories.
>
> This needs to be documented in the manual, is what I was getting at :)
> Mention that this is for anonymous read-only access please.

read-only was wrong, anonymous write-access for all the world can be set
up but it is not default.

>
>>>Use "file name" instead of path in general.
>>
>> Why?
>
> It is because it is standard in the GNU project.  I mentioned this
> before.  See "info standards" and go to "GNU manuals".
>
>>>> +Furthermore it takes the parameter @var{port} which defaults to 9418.
>>>> +Run @command{man git daemon} for information about the options.
>>>
>>> This man command does not work.
>>
>> Works for me. As far as I know man pages were merged into git package
>> recently. When I run this on debian with guix, 'man git daemon' works
>> too.
>
> It does not work for me on NixOS with Guix.  Maybe I am out of date
> though.
>
>>>> +(define %git-accounts
>>>> +  ;; User account and groups for git-daemon.
>>>> +  ;; We can give it git-shell for now, otherwise we can switch to /bin/sh.
>>>
>>> What does this comment mean?  Why would we switch?
>>
>> I am not sure about the limitations of git-shell compared to
>> /bin/sh. If this turns out to be a mistake, it can be corrected. The
>> only thing I know about git-shell is that it allows no logins.
>
> If you do not want a login then probably what you want is
> #~(string-append #$shadow "/sbin/nologin").
>
> Andy
non such - Sept. 27, 2016, 8:18 a.m.
So almost one month passed now.
To continue testing this, I need help on this first.

Thanks.

ng0 <ng0@we.make.ritual.n0.is> writes:

> I tried to address most of what you've written.
>
> While I was correcting the documentation I decided to add more options,
> now it doesn't work anymore, probably because of the ifs I added.
>
> Andy Wingo <wingo@igalia.com> writes:
>
>> On Tue 30 Aug 2016 13:45, ng0 <ng0@we.make.ritual.n0.is> writes:
>>
>>>>I also think that "path" might
>>>> not be the right word, which in GNU manuals is only used for search
>>>> paths.  See the "GNU Manuals" section of standards.texi for more.
>>>> Anyway I suggest #:base-directory.  Make sure the port is an integer and
>>>> not a string.
>>>
>>> See 'man git daemon'.
>>
>> I ran this and it did not work -- first showed me a page for git then
>> for daemon.  I believe you want "man git-daemon"?
>>
>>> The switch is called --base-path.  Looking at the openrc conf.d/git or
>>> what the config file was called again, they stick to this name too.
>>> It would just cause confusion if we go ahead and call it differently.
>>> Upstream should be fixed, but I'm not going there.  If you think we
>>> should break expectations, I can rename it.
>>
>> "Fixing" upstream is out of our remit :)  All I can ask is that we do
>> not introduce new uses of the word "path".
>>
>>>>> +Return a service to run the @uref{https://git-scm.com, git} daemon version control
>>>>> +daemon.
>>>>
>>>> Extra "daemon" here.  Probably needs a sentence on what running the
>>>> daemon will do (namely, expose local repositories for remote access).
>>>>
>>>> What about authentication?  Is this purely anonymous?
>>>
>>> Exactly, authentication is handled via other daemons, for example ssh or
>>> gitolite. git daemon supports no authentication and is read-only, as far
>>> as I know. At the servers I use and setup, I pull via
>>> git://,http://,https:// and push via ssh.
>>> Its selfdescription is:
>>> git-daemon - A really simple server for Git repositories.
>>
>> This needs to be documented in the manual, is what I was getting at :)
>> Mention that this is for anonymous read-only access please.
>
> read-only was wrong, anonymous write-access for all the world can be set
> up but it is not default.
>
>>
>>>>Use "file name" instead of path in general.
>>>
>>> Why?
>>
>> It is because it is standard in the GNU project.  I mentioned this
>> before.  See "info standards" and go to "GNU manuals".
>>
>>>>> +Furthermore it takes the parameter @var{port} which defaults to 9418.
>>>>> +Run @command{man git daemon} for information about the options.
>>>>
>>>> This man command does not work.
>>>
>>> Works for me. As far as I know man pages were merged into git package
>>> recently. When I run this on debian with guix, 'man git daemon' works
>>> too.
>>
>> It does not work for me on NixOS with Guix.  Maybe I am out of date
>> though.
>>
>>>>> +(define %git-accounts
>>>>> +  ;; User account and groups for git-daemon.
>>>>> +  ;; We can give it git-shell for now, otherwise we can switch to /bin/sh.
>>>>
>>>> What does this comment mean?  Why would we switch?
>>>
>>> I am not sure about the limitations of git-shell compared to
>>> /bin/sh. If this turns out to be a mistake, it can be corrected. The
>>> only thing I know about git-shell is that it allows no logins.
>>
>> If you do not want a login then probably what you want is
>> #~(string-append #$shadow "/sbin/nologin").
>>
>> Andy
>
> From d1d7eb59ca53833098cea2d6eddaa59f1494b579 Mon Sep 17 00:00:00 2001
> From: ng0 <ng0@we.make.ritual.n0.is>
> Date: Fri, 8 Jul 2016 15:42:55 +0000
> Subject: [PATCH] gnu: services: Add git-service.
>
> * gnu/services/version-control.scm: New file, create it.
> (git-service): New Procedures.
> (git-service-type): New variable.
> * doc/guix.texi: Add documentation.
> ---
>  doc/guix.texi                    |  37 ++++++++
>  gnu/local.mk                     |   1 +
>  gnu/services/version-control.scm | 196 +++++++++++++++++++++++++++++++++++++++
>  3 files changed, 234 insertions(+)
>  create mode 100644 gnu/services/version-control.scm
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index b22cf4a..78d7ee1 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -7494,6 +7494,7 @@ declaration.
>  * Database Services::           SQL databases.
>  * Mail Services::               IMAP, POP3, SMTP, and all that.
>  * Web Services::                Web servers.
> +* Version Control::             Git and others.
>  * Various Services::            Other services.
>  @end menu
>  
> @@ -9910,6 +9911,42 @@ directories are created when the service is activated.
>  
>  @end deffn
>  
> +@node Version Control
> +@subsubsection Version Control
> +
> +The @code{(gnu services version-control)} module provides the following services:
> +
> +@deffn {Scheme Procedure} git-service [#:git @var{git}] @
> +       [#:base-directory "/var/git/repositories"] @
> +       [#:user-directory? #f ""] [#:port 9418] @
> +       [#:directory? #f ""] [#:max-connections 32] @
> +       [#:pid-file? #t "/var/run/git-daemon.pid"]
> +
> +Return a service to run the @uref{https://git-scm.com, Git} daemon, a really simple
> +TCP Git service which exposes local repositories for anonymous remote access.
> +
> +The git daemon runs as the @code{git} unprivileged user.  It is started with
> +the fixed parameters @code{--syslog}, @code{--reuseaddr} and
> +@code{"--no-informative-errors"}.
> +You can pass the parameter @var{base-directory}, which remaps all the directory
> +requests as relative to the given directory.  If you run git-service with
> +@var{base-directory "/var/git/repositories"} on example.com, then if you later try
> +to pull @code{git://example.com/hello.git}, git-service will interpret the directory
> +as @code{/var/git/repositories/hello.git}.
> +@var{max-connections} sets the maximum number of concurrent clients, it defaults to 32.
> +Set it to 0 for no limit.
> +@var{user-directory} allows allows ~user notation to be used in requests. When
> +specified with no parameter, requests to @code{git://host/~alice/foo} is taken as a
> +request to access @code{foo} repository in the home directory of user @code{alice}.
> +If @var{user-directory "path"} is specified, the same request is taken as a request
> +to access @code{path/foo} repository in the home directory of user @code{alice}.
> +The parameter @var{directory "foo"} adds the directory "foo" and its subdirectories
> +to the whitelist of allowed directories.
> +Furthermore git-service takes the parameter @var{port}, which defaults to 9418.
> +Run @command{man git daemon} for information about the options.
> +
> +@end deffn
> +
>  @node Various Services
>  @subsubsection Various Services
>  
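
Review bot: The description under @deffn says the daemon "exposes local repositories for anonymous remote access" but never states that git:// access is unauthenticated and read-only by default, or that only repositories containing a git-daemon-export-ok file are served (the docstring of git-service mentions that file; the manual text does not). That is what an administrator needs to know before opening port 9418, and it was asked for earlier in this thread, so please add it here. Smaller points in the same hunk: the signature gives #:user-directory?, #:directory? and #:pid-file? two defaults each (#f "" and #t "/var/run/git-daemon.pid"), which does not describe a single keyword; "allows allows" is doubled; @var{user-directory "path"} documents a value that the service code never passes, since it only emits a bare --user-path; and @command{man git daemon} is still the form reported as not working, where "man git-daemon" was suggested.
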
> diff --git a/gnu/local.mk b/gnu/local.mk
> index d75ab54..9220d06 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -390,6 +390,7 @@ GNU_SYSTEM_MODULES =				\
>    %D%/services/herd.scm				\
>    %D%/services/spice.scm				\
>    %D%/services/ssh.scm				\
> +  %D%/services/version-control.scm              \
>    %D%/services/web.scm				\
>    %D%/services/xorg.scm				\
>  						\
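
Review bot: The added version-control.scm line pads with spaces before the trailing backslash, while the neighbouring entries in GNU_SYSTEM_MODULES use tabs; please use tabs so the continuation column lines up with the rest of the list.
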
> diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
> new file mode 100644
> index 0000000..5578003
> --- /dev/null
> +++ b/gnu/services/version-control.scm
> @@ -0,0 +1,196 @@
> +;;; GNU Guix --- Functional package management for GNU
> +;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
> +;;;
> +;;; This file is part of GNU Guix.
> +;;;
> +;;; GNU Guix is free software; you can redistribute it and/or modify it
> +;;; under the terms of the GNU General Public License as published by
> +;;; the Free Software Foundation; either version 3 of the License, or (at
> +;;; your option) any later version.
> +;;;
> +;;; GNU Guix is distributed in the hope that it will be useful, but
> +;;; WITHOUT ANY WARRANTY; without even the implied warranty of
> +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +;;; GNU General Public License for more details.
> +;;;
> +;;; You should have received a copy of the GNU General Public License
> +;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
> +
> +(define-module (gnu services version-control)
> +  #:use-module (gnu services)
> +  #:use-module (gnu services base)
> +  #:use-module (gnu services shepherd)
> +  #:use-module (gnu system shadow)
> +  #:use-module (gnu packages version-control)
> +  #:use-module (gnu packages admin)
> +  #:use-module (guix records)
> +  #:use-module (guix gexp)
> +  #:use-module (srfi srfi-1)
> +  #:use-module (ice-9 match)
> +  #:export (git-service
> +            git-service-type
> +            git-configuration
> +            git-configuration?
> +            git-configuration-git
> +            git-configuration-port
> +            git-configuration-base-directory
> +            git-configuration-pid-file
> +            git-configuration-max-connections
> +            git-configuration-user-directory
> +            git-configuration-directory))
> +
> +;;; Commentary:
> +;;;
> +;;; Version Control related services.
> +;;;
> +;;; Code:
> +
> +
> +;;;
> +;;; git
> +;;;
> +
> +(define-record-type* <git-configuration> git-configuration
> +  make-git-configuration
> +  git-configuration?
> +  (git              git-configuration-git  ;package
> +                    (default git))
> +  (pid-file?        git-configuration-pid-file) ;string
> +  (base-directory   git-configuration-base-directory) ;string
> +  (user-directory?  git-configuration-user-directory) ;string
> +  (directory?       git-configuration-directory) ;string
> +  (max-connections  git-configuration-max-connections) ;number
> +  (port             git-configuration-port)) ;number
> +
> +(define (git-shepherd-service config)
> +  "Return a <shepherd-service> for git with CONFIG."
> +  (define git (git-configuration-git config))
> +
> +  ;; Comments do not list all the features available, but the commented ones are
> +  ;; features which are a TODO for this service.
> +  (define git-command
> +    #~(list
> +       (string-append #$git "/bin/git") "daemon"
> +
> +       ;; Log to syslog instead of stderr. Note that this option does not imply
> +       ;; --verbose, thus by default only error conditions will be logged.
> +       "--syslog"
> +
> +       ;; Convenient for clients, but may leak information about the existence of
> +       ;; unexported repositories.  When informative errors are not enabled, all
> +       ;; errors report "access denied" to the client.
> +       "--no-informative-errors"
> +
> +       ;; Use SO_REUSEADDR when binding the listening socket.  This allows the
> +       ;; server to restart without waiting for old connections to time out.
> +       "--reuseaddr"
> +
> +       ;; A directory to add to the whitelist of allowed directories. Unless
> +       ;; --strict-paths is specified this will also include subdirectories of
> +       ;; each named directory.
> +       ;; --directory
> +       ;; TODO: Add the option to add multiple occurences of --directory
> +       (if (git-configuration-directory? config)
> +           (string-append "--directory=" #$(git-configuration-directory config))
> +           "")
> +
> +       ;; --interpolated-path=<pathtemplate>
> +       ;; To support virtual hosting, an interpolated path template can be used to
> +       ;; dynamically construct alternate paths. The template supports %H for the target
> +       ;; hostname as supplied by the client but converted to all lowercase,
> +       ;; %CH for the canonical hostname, %IP for the server’s IP address,
> +       ;; %P for the port number, and %D for the absolute path of the named repository.
> +       ;; After interpolation, the path is validated against the directory whitelist.
> +
> +       ;; --export-all
> +       ;; Allow pulling from all directories that look like Git repositories (have the
> +       ;; objects and refs subdirectories), even if they do not have the git-daemon-export-ok
> +       ;; file.
> +
> +       ;; --listen=<host_or_ipaddr>
> +       ;; Listen on a specific IP address or hostname. IP addresses can be either an IPv4
> +       ;; address or an IPv6 address if supported. If IPv6 is not supported, then
> +       ;; --listen=hostname is also not supported and --listen must be given an IPv4 address.
> +       ;; Can be given more than once. Incompatible with --inetd option.
> +
> +       ;; Maximum number of concurrent clients, defaults to 32. Set it to zero for no limit.
> +       (string-append "--max-connections=" #$(number->string
> +                                              (git-configuration-max-connections config)))
> +
> +       ;; --user-path, --user-path=<path>
> +       ;; Allow ~user notation to be used in requests. When specified with no parameter,
> +       ;; requests to git://host/~alice/foo is taken as a request to access foo repository
> +       ;; in the home directory of user alice. If --user-path=path is specified, the same
> +       ;; request is taken as a request to access path/foo repository in the home
> +       ;; directory of user alice.
> +       (if (git-configuration-user-directory? config)
> +           "--user-path" "")
> +
> +       ;; Save the process id in file. Ignored when the daemon is run under --inetd.
> +       (if (git-configuration-pid-file? config)
> +           (string-append "--pid-file=" #$(git-configuration-pid-file config))
> +           "")
> +       (string-append "--port=" #$(number->string (git-configuration-port config)))
> +       (string-append "--base-path=" #$(git-configuration-base-directory config))))
> +
> +  (define requires
> +    '(networking syslogd))
> +
> +  (list (shepherd-service
> +         (documentation "Git daemon server for git repositories")
> +         (requirement requires)
> +         (provision '(git))
> +         (start #~(make-forkexec-constructor #$git-command))
> +         (stop #~(make-kill-destructor)))))
> +
> +(define %git-accounts
> +  ;; User account and groups for git-daemon.
> +  (list (user-group
> +         (name "git")
> +         (system? #t))
> +        (user-account
> +         (name "git")
> +         (system? #t)
> +         (group "git")
> +         (comment "Shepherd created user for the git-daemon service")
> +         (home-directory "/var/git")
> +         (shell #~(string-append #$shadow "/bin/git-shell")))))
> +
> +(define (git-activation config)
> +  "Return the activation gexp for CONFIG."
> +  #~(begin (use-modules (guix build utils))
> +           ;; Create the default base-directory, see `man git daemon'.
> +           (mkdir-p "/var/git/repositories")))
> +
> +(define git-service-type
> +  (service-type (name 'git)
> +   (extensions
> +    (list (service-extension shepherd-root-service-type
> +                             git-shepherd-service)
> +          (service-extension activation-service-type
> +                             git-activation)))))
> +
> +(define* (git-service #:key
> +                      (git git)
> +                      (base-directory "/var/git/repositories")
> +                      (user-directory? #f)
> +                      (user-directory? "")
> +                      (directory? #f)
> +                      (directory "")
> +                      (port 9418)
> +                      (pid-file? #t)
> +                      (pid-file "/var/run/git-daemon.pid")
> +                      (max-connections 32))
> +  "Return a service that runs @url{https://git-scm.org,git} as a daemon.
> +The daemon will listen on the port specified in @var{port}.
> +In addition, @var{base-path} specifies the path which will repositories
> +which can be exported by adding 'git-daemon-export-ok' files to them."
> +  (service git-service-type
> +           (git-configuration
> +            (git git)
> +            (base-directory base-directory)
> +            (user-directory? user-directory?)
> +            (directory? directory?)
> +            (port port)
> +            (pid-file? pid-file?)
> +            (max-connections max-connections))))
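
Review bot: The three (if ...) forms inside the #~(list ...) gexp of git-command are the likely cause of the breakage: config is referenced there without #$, so the test is staged into the Shepherd-side code where config is unbound, and the predicates git-configuration-directory?, git-configuration-user-directory? and git-configuration-pid-file? are never defined, because the record declares the fields as directory?, user-directory? and pid-file? with accessors git-configuration-directory, git-configuration-user-directory and git-configuration-pid-file. Evaluate the conditions on the host side and splice the result in, for example #$@(if (git-configuration-pid-file config) (list ...) '()), which also avoids handing "" to git daemon as a stray argument in the false branch. Related: git-service binds user-directory? twice in its keyword list, and the directory and pid-file strings are never stored in the record, so (string-append "--pid-file=" ...) would receive the boolean held in pid-file? rather than a file name.

On the security side, the manual text says the daemon runs as the unprivileged git user, but %git-accounts is not referenced by any service-extension in git-service-type (only shepherd-root-service-type and activation-service-type are extended) and make-forkexec-constructor is called without #:user or #:group. As written the account is not created and the daemon would run with the Shepherd's own privileges while serving unauthenticated network clients. Please add an account-service-type extension and pass #:user "git" #:group "git" to the constructor. The shell gexp also takes git-shell from #$shadow; git-shell is shipped by git, and the earlier review suggested (string-append #$shadow "/sbin/nologin") for an account that should not log in. Finally, git-activation always creates /var/git/repositories and ignores the base-directory in CONFIG.
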
> -- 
> 2.9.3
>
>
> -- 
> ng0
> For non-prism friendly talk find me on http://www.psyced.org
ng0 - Sept. 27, 2016, 8:20 a.m.
So almost one month passed now.
To continue testing this, I need help on this first.

Thanks.

ng0 <ng0@we.make.ritual.n0.is> writes:

> I tried to address most of what you've written.
>
> While I was correcting the documentation I decided to add more options,
> now it doesn't work anymore, probably because of the ifs I added.
>
> Andy Wingo <wingo@igalia.com> writes:
>
>> On Tue 30 Aug 2016 13:45, ng0 <ng0@we.make.ritual.n0.is> writes:
>>
>>>>I also think that "path" might
>>>> not be the right word, which in GNU manuals is only used for search
>>>> paths.  See the "GNU Manuals" section of standards.texi for more.
>>>> Anyway I suggest #:base-directory.  Make sure the port is an integer and
>>>> not a string.
>>>
>>> See 'man git daemon'.
>>
>> I ran this and it did not work -- first showed me a page for git then
>> for daemon.  I believe you want "man git-daemon"?
>>
>>> The switch is called --base-path.  Looking at the openrc conf.d/git or
>>> what the config file was called again, they stick to this name too.
>>> It would just cause confusion if we go ahead and call it differently.
>>> Upstream should be fixed, but I'm not going there.  If you think we
>>> should break expectations, I can rename it.
>>
>> "Fixing" upstream is out of our remit :)  All I can ask is that we do
>> not introduce new uses of the word "path".
>>
>>>>> +Return a service to run the @uref{https://git-scm.com, git} daemon version control
>>>>> +daemon.
>>>>
>>>> Extra "daemon" here.  Probably needs a sentence on what running the
>>>> daemon will do (namely, expose local repositories for remote access).
>>>>
>>>> What about authentication?  Is this purely anonymous?
>>>
>>> Exactly, authentication is handled via other daemons, for example ssh or
>>> gitolite. git daemon supports no authentication and is read-only, as far
>>> as I know. At the servers I use and setup, I pull via
>>> git://,http://,https:// and push via ssh.
>>> Its selfdescription is:
>>> git-daemon - A really simple server for Git repositories.
>>
>> This needs to be documented in the manual, is what I was getting at :)
>> Mention that this is for anonymous read-only access please.
>
> read-only was wrong, anonymous write-access for all the world can be set
> up but it is not default.
>
>>
>>>>Use "file name" instead of path in general.
>>>
>>> Why?
>>
>> It is because it is standard in the GNU project.  I mentioned this
>> before.  See "info standards" and go to "GNU manuals".
>>
>>>>> +Furthermore it takes the parameter @var{port} which defaults to 9418.
>>>>> +Run @command{man git daemon} for information about the options.
>>>>
>>>> This man command does not work.
>>>
>>> Works for me. As far as I know man pages were merged into git package
>>> recently. When I run this on debian with guix, 'man git daemon' works
>>> too.
>>
>> It does not work for me on NixOS with Guix.  Maybe I am out of date
>> though.
>>
>>>>> +(define %git-accounts
>>>>> +  ;; User account and groups for git-daemon.
>>>>> +  ;; We can give it git-shell for now, otherwise we can switch to /bin/sh.
>>>>
>>>> What does this comment mean?  Why would we switch?
>>>
>>> I am not sure about the limitations of git-shell compared to
>>> /bin/sh. If this turns out to be a mistake, it can be corrected. The
>>> only thing I know about git-shell is that it allows no logins.
>>
>> If you do not want a login then probably what you want is
>> #~(string-append #$shadow "/sbin/nologin").
>>
>> Andy
>
> From d1d7eb59ca53833098cea2d6eddaa59f1494b579 Mon Sep 17 00:00:00 2001
> From: ng0 <ng0@we.make.ritual.n0.is>
> Date: Fri, 8 Jul 2016 15:42:55 +0000
> Subject: [PATCH] gnu: services: Add git-service.
>
> * gnu/services/version-control.scm: New file, create it.
> (git-service): New Procedures.
> (git-service-type): New variable.
> * doc/guix.texi: Add documentation.
> ---
>  doc/guix.texi                    |  37 ++++++++
>  gnu/local.mk                     |   1 +
>  gnu/services/version-control.scm | 196 +++++++++++++++++++++++++++++++++++++++
>  3 files changed, 234 insertions(+)
>  create mode 100644 gnu/services/version-control.scm
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index b22cf4a..78d7ee1 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -7494,6 +7494,7 @@ declaration.
>  * Database Services::           SQL databases.
>  * Mail Services::               IMAP, POP3, SMTP, and all that.
>  * Web Services::                Web servers.
> +* Version Control::             Git and others.
>  * Various Services::            Other services.
>  @end menu
>  
> @@ -9910,6 +9911,42 @@ directories are created when the service is activated.
>  
>  @end deffn
>  
> +@node Version Control
> +@subsubsection Version Control
> +
> +The @code{(gnu services version-control)} module provides the following services:
> +
> +@deffn {Scheme Procedure} git-service [#:git @var{git}] @
> +       [#:base-directory "/var/git/repositories"] @
> +       [#:user-directory? #f ""] [#:port 9418] @
> +       [#:directory? #f ""] [#:max-connections 32] @
> +       [#:pid-file? #t "/var/run/git-daemon.pid"]
> +
> +Return a service to run the @uref{https://git-scm.com, Git} daemon, a really simple
> +TCP Git service which exposes local repositories for anonymous remote access.
> +
> +The git daemon runs as the @code{git} unprivileged user.  It is started with
> +the fixed parameters @code{--syslog}, @code{--reuseaddr} and
> +@code{"--no-informative-errors"}.
> +You can pass the parameter @var{base-directory}, which remaps all the directory
> +requests as relative to the given directory.  If you run git-service with
> +@var{base-directory "/var/git/repositories"} on example.com, then if you later try
> +to pull @code{git://example.com/hello.git}, git-service will interpret the directory
> +as @code{/var/git/repositories/hello.git}.
> +@var{max-connections} sets the maximum number of concurrent clients, it defaults to 32.
> +Set it to 0 for no limit.
> +@var{user-directory} allows allows ~user notation to be used in requests. When
> +specified with no parameter, requests to @code{git://host/~alice/foo} is taken as a
> +request to access @code{foo} repository in the home directory of user @code{alice}.
> +If @var{user-directory "path"} is specified, the same request is taken as a request
> +to access @code{path/foo} repository in the home directory of user @code{alice}.
> +The parameter @var{directory "foo"} adds the directory "foo" and its subdirectories
> +to the whitelist of allowed directories.
> +Furthermore git-service takes the parameter @var{port}, which defaults to 9418.
> +Run @command{man git daemon} for information about the options.
> +
> +@end deffn
> +
>  @node Various Services
>  @subsubsection Various Services
>  
> diff --git a/gnu/local.mk b/gnu/local.mk
> index d75ab54..9220d06 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -390,6 +390,7 @@ GNU_SYSTEM_MODULES =				\
>    %D%/services/herd.scm				\
>    %D%/services/spice.scm				\
>    %D%/services/ssh.scm				\
> +  %D%/services/version-control.scm              \
>    %D%/services/web.scm				\
>    %D%/services/xorg.scm				\
>  						\
> diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
> new file mode 100644
> index 0000000..5578003
> --- /dev/null
> +++ b/gnu/services/version-control.scm
> @@ -0,0 +1,196 @@
> +;;; GNU Guix --- Functional package management for GNU
> +;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
> +;;;
> +;;; This file is part of GNU Guix.
> +;;;
> +;;; GNU Guix is free software; you can redistribute it and/or modify it
> +;;; under the terms of the GNU General Public License as published by
> +;;; the Free Software Foundation; either version 3 of the License, or (at
> +;;; your option) any later version.
> +;;;
> +;;; GNU Guix is distributed in the hope that it will be useful, but
> +;;; WITHOUT ANY WARRANTY; without even the implied warranty of
> +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +;;; GNU General Public License for more details.
> +;;;
> +;;; You should have received a copy of the GNU General Public License
> +;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
> +
> +(define-module (gnu services version-control)
> +  #:use-module (gnu services)
> +  #:use-module (gnu services base)
> +  #:use-module (gnu services shepherd)
> +  #:use-module (gnu system shadow)
> +  #:use-module (gnu packages version-control)
> +  #:use-module (gnu packages admin)
> +  #:use-module (guix records)
> +  #:use-module (guix gexp)
> +  #:use-module (srfi srfi-1)
> +  #:use-module (ice-9 match)
> +  #:export (git-service
> +            git-service-type
> +            git-configuration
> +            git-configuration?
> +            git-configuration-git
> +            git-configuration-port
> +            git-configuration-base-directory
> +            git-configuration-pid-file
> +            git-configuration-max-connections
> +            git-configuration-user-directory
> +            git-configuration-directory))
> +
> +;;; Commentary:
> +;;;
> +;;; Version Control related services.
> +;;;
> +;;; Code:
> +
> +
> +;;;
> +;;; git
> +;;;
> +
> +(define-record-type* <git-configuration> git-configuration
> +  make-git-configuration
> +  git-configuration?
> +  (git              git-configuration-git  ;package
> +                    (default git))
> +  (pid-file?        git-configuration-pid-file) ;string
> +  (base-directory   git-configuration-base-directory) ;string
> +  (user-directory?  git-configuration-user-directory) ;string
> +  (directory?       git-configuration-directory) ;string
> +  (max-connections  git-configuration-max-connections) ;number
> +  (port             git-configuration-port)) ;number
> +
> +(define (git-shepherd-service config)
> +  "Return a <shepherd-service> for git with CONFIG."
> +  (define git (git-configuration-git config))
> +
> +  ;; Comments do not list all the features available, but the commented ones are
> +  ;; features which are a TODO for this service.
> +  (define git-command
> +    #~(list
> +       (string-append #$git "/bin/git") "daemon"
> +
> +       ;; Log to syslog instead of stderr. Note that this option does not imply
> +       ;; --verbose, thus by default only error conditions will be logged.
> +       "--syslog"
> +
> +       ;; Convenient for clients, but may leak information about the existence of
> +       ;; unexported repositories.  When informative errors are not enabled, all
> +       ;; errors report "access denied" to the client.
> +       "--no-informative-errors"
> +
> +       ;; Use SO_REUSEADDR when binding the listening socket.  This allows the
> +       ;; server to restart without waiting for old connections to time out.
> +       "--reuseaddr"
> +
> +       ;; A directory to add to the whitelist of allowed directories. Unless
> +       ;; --strict-paths is specified this will also include subdirectories of
> +       ;; each named directory.
> +       ;; --directory
> +       ;; TODO: Add the option to add multiple occurences of --directory
> +       (if (git-configuration-directory? config)
> +           (string-append "--directory=" #$(git-configuration-directory config))
> +           "")
> +
> +       ;; --interpolated-path=<pathtemplate>
> +       ;; To support virtual hosting, an interpolated path template can be used to
> +       ;; dynamically construct alternate paths. The template supports %H for the target
> +       ;; hostname as supplied by the client but converted to all lowercase,
> +       ;; %CH for the canonical hostname, %IP for the server’s IP address,
> +       ;; %P for the port number, and %D for the absolute path of the named repository.
> +       ;; After interpolation, the path is validated against the directory whitelist.
> +
> +       ;; --export-all
> +       ;; Allow pulling from all directories that look like Git repositories (have the
> +       ;; objects and refs subdirectories), even if they do not have the git-daemon-export-ok
> +       ;; file.
> +
> +       ;; --listen=<host_or_ipaddr>
> +       ;; Listen on a specific IP address or hostname. IP addresses can be either an IPv4
> +       ;; address or an IPv6 address if supported. If IPv6 is not supported, then
> +       ;; --listen=hostname is also not supported and --listen must be given an IPv4 address.
> +       ;; Can be given more than once. Incompatible with --inetd option.
> +
> +       ;; Maximum number of concurrent clients, defaults to 32. Set it to zero for no limit.
> +       (string-append "--max-connections=" #$(number->string
> +                                              (git-configuration-max-connections config)))
> +
> +       ;; --user-path, --user-path=<path>
> +       ;; Allow ~user notation to be used in requests. When specified with no parameter,
> +       ;; requests to git://host/~alice/foo is taken as a request to access foo repository
> +       ;; in the home directory of user alice. If --user-path=path is specified, the same
> +       ;; request is taken as a request to access path/foo repository in the home
> +       ;; directory of user alice.
> +       (if (git-configuration-user-directory? config)
> +           "--user-path" "")
> +
> +       ;; Save the process id in file. Ignored when the daemon is run under --inetd.
> +       (if (git-configuration-pid-file? config)
> +           (string-append "--pid-file=" #$(git-configuration-pid-file config))
> +           "")
> +       (string-append "--port=" #$(number->string (git-configuration-port config)))
> +       (string-append "--base-path=" #$(git-configuration-base-directory config))))
> +
> +  (define requires
> +    '(networking syslogd))
> +
> +  (list (shepherd-service
> +         (documentation "Git daemon server for git repositories")
> +         (requirement requires)
> +         (provision '(git))
> +         (start #~(make-forkexec-constructor #$git-command))
> +         (stop #~(make-kill-destructor)))))
> +
> +(define %git-accounts
> +  ;; User account and groups for git-daemon.
> +  (list (user-group
> +         (name "git")
> +         (system? #t))
> +        (user-account
> +         (name "git")
> +         (system? #t)
> +         (group "git")
> +         (comment "Shepherd created user for the git-daemon service")
> +         (home-directory "/var/git")
> +         (shell #~(string-append #$shadow "/bin/git-shell")))))
> +
> +(define (git-activation config)
> +  "Return the activation gexp for CONFIG."
> +  #~(begin (use-modules (guix build utils))
> +           ;; Create the default base-directory, see `man git daemon'.
> +           (mkdir-p "/var/git/repositories")))
> +
> +(define git-service-type
> +  (service-type (name 'git)
> +   (extensions
> +    (list (service-extension shepherd-root-service-type
> +                             git-shepherd-service)
> +          (service-extension activation-service-type
> +                             git-activation)))))
> +
> +(define* (git-service #:key
> +                      (git git)
> +                      (base-directory "/var/git/repositories")
> +                      (user-directory? #f)
> +                      (user-directory? "")
> +                      (directory? #f)
> +                      (directory "")
> +                      (port 9418)
> +                      (pid-file? #t)
> +                      (pid-file "/var/run/git-daemon.pid")
> +                      (max-connections 32))
> +  "Return a service that runs @url{https://git-scm.org,git} as a daemon.
> +The daemon will listen on the port specified in @var{port}.
> +In addition, @var{base-path} specifies the path which will repositories
> +which can be exported by adding 'git-daemon-export-ok' files to them."
> +  (service git-service-type
> +           (git-configuration
> +            (git git)
> +            (base-directory base-directory)
> +            (user-directory? user-directory?)
> +            (directory? directory?)
> +            (port port)
> +            (pid-file? pid-file?)
> +            (max-connections max-connections))))
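Review bot: In the `define*` for git-service, `user-directory?` is declared twice (once with #f, once with ""); the second was presumably meant to be `user-directory`. The `directory` and `pid-file` keywords are accepted but never passed to `git-configuration`, so the strings a caller supplies are dropped before they can reach the command line. The docstring also names `@var{base-path}` although the keyword is `base-directory`, and "which will repositories" is missing a verb.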
> -- 
> 2.9.3
>
>
> -- 
> ng0
> For non-prism friendly talk find me on http://www.psyced.org
Ricardo Wurmus - Sept. 30, 2016, 7:41 a.m.
ng0 <ngillmann@runbox.com> writes:

> So almost one month passed now.
> To continue testing this, I need help on this first.

The quoted email is very long with different parties interacting.  It is
hard to see what the problem is and what you need help with.

Could you please ask a clear question?  This would make it much more
likely that anyone here could help.

~~ Ricardo
宋文武 - Sept. 30, 2016, 11:49 p.m.
ng0 <ng0@we.make.ritual.n0.is> writes:


>> From d1d7eb59ca53833098cea2d6eddaa59f1494b579 Mon Sep 17 00:00:00 2001
>> From: ng0 <ng0@we.make.ritual.n0.is>
>> Date: Fri, 8 Jul 2016 15:42:55 +0000
>> Subject: [PATCH] gnu: services: Add git-service.
>>
>> * gnu/services/version-control.scm: New file, create it.
>> (git-service): New Procedures.
>> (git-service-type): New variable.
>> * doc/guix.texi: Add documentation.

I think it should be: * doc/guix.text (Services)(Version Control): New section.

> [...]
>> +(define %git-accounts
>> +  ;; User account and groups for git-daemon.
>> +  (list (user-group
>> +         (name "git")
>> +         (system? #t))
>> +        (user-account
>> +         (name "git")
>> +         (system? #t)
>> +         (group "git")
>> +         (comment "Shepherd created user for the git-daemon service")
>> +         (home-directory "/var/git")

I think it doesn't need a home directory.

>> +         (shell #~(string-append #$shadow "/bin/git-shell")))))

Using 'nologin' should be enough, according to `man git-shell', it's for
SSH access.

Also, it seems this 'git' user is not used anywhere, it should be passed
as the '--user' argument to 'git daemon' or as '#:user' to
'make-forkexec-constructor'.

>> +
>> +(define (git-activation config)
>> +  "Return the activation gexp for CONFIG."
>> +  #~(begin (use-modules (guix build utils))
>> +           ;; Create the default base-directory, see `man git daemon'.
>> +           (mkdir-p "/var/git/repositories")))

This should create the 'git-configuration-base-directory' of config, and
make sure it's readable by the 'git' user.


>> +(define* (git-service #:key
>> +                      (git git)
>> +                      (base-directory "/var/git/repositories")
>> +                      (user-directory? #f)
>> +                      (user-directory? "")
>> +                      (directory? #f)
>> +                      (directory "")
>> +                      (port 9418)
>> +                      (pid-file? #t)
>> +                      (pid-file "/var/run/git-daemon.pid")
>> +                      (max-connections 32))

This should just accept a <git-configuration> object, and document it in
the manual (no need to make detailed comments in the git-command, which I
think a mention to `man git-daemon' is fine there).


For testing, I guess 'git clone git://localhost/xxx' in the VM is
enough.

And the patch doesn't apply for me, can you send an updated one?
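
The changes suggested in this review, put together as an added example (not code from this thread or from Guix itself): the service takes a `<git-configuration>` record, the argument list is computed on the host side so disabled options are left out, the daemon is started as the `git` user, and activation creates the configured base directory. The `user-path` and `whitelist` fields, the `/var/empty` home directory and the root-owned mode-755 base directory are assumptions made for the example.

```scheme
;; Added illustration; not the code posted in this thread or merged into Guix.
(use-modules (gnu services)
             (gnu services shepherd)
             (gnu system shadow)
             (gnu packages admin)           ;shadow
             (gnu packages version-control) ;git
             (guix records)
             (guix gexp))

(define-record-type* <git-configuration>
  git-configuration make-git-configuration
  git-configuration?
  (git             git-configuration-git (default git))
  (base-directory  git-configuration-base-directory
                   (default "/var/git/repositories"))
  (user-path       git-configuration-user-path  ;assumed: #f, #t or a string
                   (default #f))
  (whitelist       git-configuration-whitelist  ;assumed: list of directories
                   (default '()))
  (port            git-configuration-port (default 9418))
  (max-connections git-configuration-max-connections (default 32)))

(define (git-daemon-arguments config)
  "Return the 'git daemon' arguments for CONFIG.  This runs on the host side,
so a disabled option is left out instead of being passed as an empty string."
  (define user-path (git-configuration-user-path config))
  `("--syslog" "--no-informative-errors" "--reuseaddr"
    ,(string-append "--base-path=" (git-configuration-base-directory config))
    ,(string-append "--port=" (number->string (git-configuration-port config)))
    ,(string-append "--max-connections="
                    (number->string (git-configuration-max-connections config)))
    ,@(cond ((string? user-path)
             (list (string-append "--user-path=" user-path)))
            (user-path '("--user-path"))
            (else '()))
    ;; git-daemon(1) takes whitelisted directories as trailing arguments.
    ,@(git-configuration-whitelist config)))

(define (git-shepherd-service config)
  "Return a <shepherd-service> running 'git daemon' as the 'git' user."
  (define git (git-configuration-git config))
  (list (shepherd-service
         (documentation "Git daemon server for git repositories")
         (provision '(git))
         (requirement '(networking syslogd))
         (start #~(make-forkexec-constructor
                   (list (string-append #$git "/bin/git") "daemon"
                         #$@(git-daemon-arguments config))
                   #:user "git" #:group "git"))
         (stop #~(make-kill-destructor)))))

(define %git-accounts
  (list (user-group (name "git") (system? #t))
        (user-account
         (name "git") (group "git") (system? #t)
         (comment "git daemon user")
         (home-directory "/var/empty")
         (shell #~(string-append #$shadow "/sbin/nologin")))))

(define (git-activation config)
  "Create the base directory of CONFIG, root-owned and world-readable."
  (define base-directory (git-configuration-base-directory config))
  #~(begin (use-modules (guix build utils))
           (mkdir-p #$base-directory)
           (chmod #$base-directory #o755)))

(define git-service-type
  (service-type
   (name 'git)
   (extensions
    (list (service-extension shepherd-root-service-type git-shepherd-service)
          (service-extension account-service-type (const %git-accounts))
          (service-extension activation-service-type git-activation)))))
```

In an operating-system declaration this would be instantiated as `(service git-service-type (git-configuration (max-connections 16)))`.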
non such - Oct. 16, 2016, 2:30 p.m.
宋文武 <iyzsong@member.fsf.org> writes:

> ng0 <ng0@we.make.ritual.n0.is> writes:
>
>
>>> From d1d7eb59ca53833098cea2d6eddaa59f1494b579 Mon Sep 17 00:00:00 2001
>>> From: ng0 <ng0@we.make.ritual.n0.is>
>>> Date: Fri, 8 Jul 2016 15:42:55 +0000
>>> Subject: [PATCH] gnu: services: Add git-service.
>>>
>>> * gnu/services/version-control.scm: New file, create it.
>>> (git-service): New Procedures.
>>> (git-service-type): New variable.
>>> * doc/guix.texi: Add documentation.
>
> I think it should be: * doc/guix.text (Services)(Version Control): New section.
>
>> [...]
>>> +(define %git-accounts
>>> +  ;; User account and groups for git-daemon.
>>> +  (list (user-group
>>> +         (name "git")
>>> +         (system? #t))
>>> +        (user-account
>>> +         (name "git")
>>> +         (system? #t)
>>> +         (group "git")
>>> +         (comment "Shepherd created user for the git-daemon service")
>>> +         (home-directory "/var/git")
>
> I think it doesn't need a home directory.
>
>>> +         (shell #~(string-append #$shadow "/bin/git-shell")))))
>
> Using 'nologin' should be enough, according to `man git-shell', it's for
> SSH access.

The ssh access is intended, that's why it had a home-directory. For now
I will apply what you suggested, but this is a use case I have myself
and why would I use gitolite when git+ssh do the job well enough.

> Also, it seems this 'git' user is not used anywhere, it should be passed
> as the '--user' argument to 'git daemon' or as '#:user' to
> 'make-forkexec-constructor'.
>
>>> +
>>> +(define (git-activation config)
>>> +  "Return the activation gexp for CONFIG."
>>> +  #~(begin (use-modules (guix build utils))
>>> +           ;; Create the default base-directory, see `man git daemon'.
>>> +           (mkdir-p "/var/git/repositories")))
>
> This should create the 'git-configuration-base-directory' of config, and
> make sure it's readable by the 'git' user.
>
>
>>> +(define* (git-service #:key
>>> +                      (git git)
>>> +                      (base-directory "/var/git/repositories")
>>> +                      (user-directory? #f)
>>> +                      (user-directory? "")
>>> +                      (directory? #f)
>>> +                      (directory "")
>>> +                      (port 9418)
>>> +                      (pid-file? #t)
>>> +                      (pid-file "/var/run/git-daemon.pid")
>>> +                      (max-connections 32))
>
> This should just accept a <git-configuration> object, and document it in
> the manual (no need to make detailed comments in the git-command, which I
> think a mention to `man git-daemon' is fine there).

How? This thread is taking so much time because this is one of my 3
first services and I'm trying to learn more guile. I'll look at other
services like before, but I asked for help because I'm stuck. I think
openssh-service had this.. But what I have worked before I added all
other options, and for now I want it this way.. Just debug this without
changing it any further.
But if this would not require much changes which can not break things
further, I'll apply it.

>
> For testing, I guess 'git clone git://localhost/xxx' in the VM is
> enough.
>
> And the patch doesn't apply for me, can you send an updated one?
>

Patch

From d1d7eb59ca53833098cea2d6eddaa59f1494b579 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@we.make.ritual.n0.is>
Date: Fri, 8 Jul 2016 15:42:55 +0000
Subject: [PATCH] gnu: services: Add git-service.

* gnu/services/version-control.scm: New file, create it.
(git-service): New Procedures.
(git-service-type): New variable.
* doc/guix.texi: Add documentation.
---
 doc/guix.texi                    |  37 ++++++++
 gnu/local.mk                     |   1 +
 gnu/services/version-control.scm | 196 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 234 insertions(+)
 create mode 100644 gnu/services/version-control.scm

diff --git a/doc/guix.texi b/doc/guix.texi
index b22cf4a..78d7ee1 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7494,6 +7494,7 @@  declaration.
 * Database Services::           SQL databases.
 * Mail Services::               IMAP, POP3, SMTP, and all that.
 * Web Services::                Web servers.
+* Version Control::             Git and others.
 * Various Services::            Other services.
 @end menu
 
@@ -9910,6 +9911,42 @@  directories are created when the service is activated.
 
 @end deffn
 
+@node Version Control
+@subsubsection Version Control
+
+The @code{(gnu services version-control)} module provides the following services:
+
+@deffn {Scheme Procedure} git-service [#:git @var{git}] @
+       [#:base-directory "/var/git/repositories"] @
+       [#:user-directory? #f ""] [#:port 9418] @
+       [#:directory? #f ""] [#:max-connections 32] @
+       [#:pid-file? #t "/var/run/git-daemon.pid"]
+
+Return a service to run the @uref{https://git-scm.com, Git} daemon, a really simple
+TCP Git service which exposes local repositories for anonymous remote access.
+
+The git daemon runs as the @code{git} unprivileged user.  It is started with
+the fixed parameters @code{--syslog}, @code{--reuseaddr} and
+@code{"--no-informative-errors"}.
+You can pass the parameter @var{base-directory}, which remaps all the directory
+requests as relative to the given directory.  If you run git-service with
+@var{base-directory "/var/git/repositories"} on example.com, then if you later try
+to pull @code{git://example.com/hello.git}, git-service will interpret the directory
+as @code{/var/git/repositories/hello.git}.
+@var{max-connections} sets the maximum number of concurrent clients, it defaults to 32.
+Set it to 0 for no limit.
+@var{user-directory} allows allows ~user notation to be used in requests. When
+specified with no parameter, requests to @code{git://host/~alice/foo} is taken as a
+request to access @code{foo} repository in the home directory of user @code{alice}.
+If @var{user-directory "path"} is specified, the same request is taken as a request
+to access @code{path/foo} repository in the home directory of user @code{alice}.
+The parameter @var{directory "foo"} adds the directory "foo" and its subdirectories
+to the whitelist of allowed directories.
+Furthermore git-service takes the parameter @var{port}, which defaults to 9418.
+Run @command{man git daemon} for information about the options.
+
+@end deffn
+
 @node Various Services
 @subsubsection Various Services
 
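Review bot: The @deffn signature does not match the procedure it documents: `[#:user-directory? #f ""]`, `[#:directory? #f ""]` and `[#:pid-file? #t "/var/run/git-daemon.pid"]` each list two defaults for one keyword, and the body then refers to @var{user-directory} and @var{directory}, which the signature does not contain. List every keyword once with its single default. In the same hunk, `@code{"--no-informative-errors"}` carries stray quotes unlike the two options before it, "allows allows" is doubled, and `@command{man git daemon}` should read `man git-daemon`, as already noted earlier in the thread.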
diff --git a/gnu/local.mk b/gnu/local.mk
index d75ab54..9220d06 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -390,6 +390,7 @@  GNU_SYSTEM_MODULES =				\
   %D%/services/herd.scm				\
   %D%/services/spice.scm				\
   %D%/services/ssh.scm				\
+  %D%/services/version-control.scm              \
   %D%/services/web.scm				\
   %D%/services/xorg.scm				\
 						\
diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
new file mode 100644
index 0000000..5578003
--- /dev/null
+++ b/gnu/services/version-control.scm
@@ -0,0 +1,196 @@ 
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services version-control)
+  #:use-module (gnu services)
+  #:use-module (gnu services base)
+  #:use-module (gnu services shepherd)
+  #:use-module (gnu system shadow)
+  #:use-module (gnu packages version-control)
+  #:use-module (gnu packages admin)
+  #:use-module (guix records)
+  #:use-module (guix gexp)
+  #:use-module (srfi srfi-1)
+  #:use-module (ice-9 match)
+  #:export (git-service
+            git-service-type
+            git-configuration
+            git-configuration?
+            git-configuration-git
+            git-configuration-port
+            git-configuration-base-directory
+            git-configuration-pid-file
+            git-configuration-max-connections
+            git-configuration-user-directory
+            git-configuration-directory))
+
+;;; Commentary:
+;;;
+;;; Version Control related services.
+;;;
+;;; Code:
+
+
+;;;
+;;; git
+;;;
+
+(define-record-type* <git-configuration> git-configuration
+  make-git-configuration
+  git-configuration?
+  (git              git-configuration-git  ;package
+                    (default git))
+  (pid-file?        git-configuration-pid-file) ;string
+  (base-directory   git-configuration-base-directory) ;string
+  (user-directory?  git-configuration-user-directory) ;string
+  (directory?       git-configuration-directory) ;string
+  (max-connections  git-configuration-max-connections) ;number
+  (port             git-configuration-port)) ;number
+
+(define (git-shepherd-service config)
+  "Return a <shepherd-service> for git with CONFIG."
+  (define git (git-configuration-git config))
+
+  ;; Comments do not list all the features available, but the commented ones are
+  ;; features which are a TODO for this service.
+  (define git-command
+    #~(list
+       (string-append #$git "/bin/git") "daemon"
+
+       ;; Log to syslog instead of stderr. Note that this option does not imply
+       ;; --verbose, thus by default only error conditions will be logged.
+       "--syslog"
+
+       ;; Convenient for clients, but may leak information about the existence of
+       ;; unexported repositories.  When informative errors are not enabled, all
+       ;; errors report "access denied" to the client.
+       "--no-informative-errors"
+
+       ;; Use SO_REUSEADDR when binding the listening socket.  This allows the
+       ;; server to restart without waiting for old connections to time out.
+       "--reuseaddr"
+
+       ;; A directory to add to the whitelist of allowed directories. Unless
+       ;; --strict-paths is specified this will also include subdirectories of
+       ;; each named directory.
+       ;; --directory
+       ;; TODO: Add the option to add multiple occurences of --directory
+       (if (git-configuration-directory? config)
+           (string-append "--directory=" #$(git-configuration-directory config))
+           "")
+
+       ;; --interpolated-path=<pathtemplate>
+       ;; To support virtual hosting, an interpolated path template can be used to
+       ;; dynamically construct alternate paths. The template supports %H for the target
+       ;; hostname as supplied by the client but converted to all lowercase,
+       ;; %CH for the canonical hostname, %IP for the server’s IP address,
+       ;; %P for the port number, and %D for the absolute path of the named repository.
+       ;; After interpolation, the path is validated against the directory whitelist.
+
+       ;; --export-all
+       ;; Allow pulling from all directories that look like Git repositories (have the
+       ;; objects and refs subdirectories), even if they do not have the git-daemon-export-ok
+       ;; file.
+
+       ;; --listen=<host_or_ipaddr>
+       ;; Listen on a specific IP address or hostname. IP addresses can be either an IPv4
+       ;; address or an IPv6 address if supported. If IPv6 is not supported, then
+       ;; --listen=hostname is also not supported and --listen must be given an IPv4 address.
+       ;; Can be given more than once. Incompatible with --inetd option.
+
+       ;; Maximum number of concurrent clients, defaults to 32. Set it to zero for no limit.
+       (string-append "--max-connections=" #$(number->string
+                                              (git-configuration-max-connections config)))
+
+       ;; --user-path, --user-path=<path>
+       ;; Allow ~user notation to be used in requests. When specified with no parameter,
+       ;; requests to git://host/~alice/foo is taken as a request to access foo repository
+       ;; in the home directory of user alice. If --user-path=path is specified, the same
+       ;; request is taken as a request to access path/foo repository in the home
+       ;; directory of user alice.
+       (if (git-configuration-user-directory? config)
+           "--user-path" "")
+
+       ;; Save the process id in file. Ignored when the daemon is run under --inetd.
+       (if (git-configuration-pid-file? config)
+           (string-append "--pid-file=" #$(git-configuration-pid-file config))
+           "")
+       (string-append "--port=" #$(number->string (git-configuration-port config)))
+       (string-append "--base-path=" #$(git-configuration-base-directory config))))
+
+  (define requires
+    '(networking syslogd))
+
+  (list (shepherd-service
+         (documentation "Git daemon server for git repositories")
+         (requirement requires)
+         (provision '(git))
+         (start #~(make-forkexec-constructor #$git-command))
+         (stop #~(make-kill-destructor)))))
+
+(define %git-accounts
+  ;; User account and groups for git-daemon.
+  (list (user-group
+         (name "git")
+         (system? #t))
+        (user-account
+         (name "git")
+         (system? #t)
+         (group "git")
+         (comment "Shepherd created user for the git-daemon service")
+         (home-directory "/var/git")
+         (shell #~(string-append #$shadow "/bin/git-shell")))))
+
+(define (git-activation config)
+  "Return the activation gexp for CONFIG."
+  #~(begin (use-modules (guix build utils))
+           ;; Create the default base-directory, see `man git daemon'.
+           (mkdir-p "/var/git/repositories")))
+
+(define git-service-type
+  (service-type (name 'git)
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             git-shepherd-service)
+          (service-extension activation-service-type
+                             git-activation)))))
+
+(define* (git-service #:key
+                      (git git)
+                      (base-directory "/var/git/repositories")
+                      (user-directory? #f)
+                      (user-directory? "")
+                      (directory? #f)
+                      (directory "")
+                      (port 9418)
+                      (pid-file? #t)
+                      (pid-file "/var/run/git-daemon.pid")
+                      (max-connections 32))
+  "Return a service that runs @url{https://git-scm.org,git} as a daemon.
+The daemon will listen on the port specified in @var{port}.
+In addition, @var{base-path} specifies the path which will repositories
+which can be exported by adding 'git-daemon-export-ok' files to them."
+  (service git-service-type
+           (git-configuration
+            (git git)
+            (base-directory base-directory)
+            (user-directory? user-directory?)
+            (directory? directory?)
+            (port port)
+            (pid-file? pid-file?)
+            (max-connections max-connections))))
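Review bot: The three `(if (git-configuration-…? config) …)` forms in git-command cannot work as written. They sit inside `#~(list …)` without `#$`, so `config` is looked up when shepherd evaluates the expression, where it is not bound; and the predicates `git-configuration-directory?`, `git-configuration-user-directory?` and `git-configuration-pid-file?` are never defined, because the record declares the fields `directory?`, `user-directory?` and `pid-file?` with accessors named without the question mark. Compute the optional arguments on the host side and splice them in with `#$@`, returning an empty list rather than `""`, since an empty string is still handed to git daemon as an argument. If both the boolean and the string are kept, the record needs a separate field for each. Separately, `%git-accounts` is never attached through an account-service-type extension and `make-forkexec-constructor` is given no `#:user`, so the daemon does not run as the `git` user that the documentation in this patch promises.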
-- 
2.9.3